Do not erase input key in psa_tls12_prf_psk_to_ms_set_key() When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct but the following derivations output data is incorrect. This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key() since commit 03faf5d2c174eef1ebab39a8139a4042e77049b8. Fixes: 03faf5d2c174eef1ebab39a8139a4042e77049b8 ("psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage") Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>

commit: b743d95051b2eaa522f0fe6c1d4cb5513b25277f [log] [tgz]
author: Neil Armstrong <narmstrong@baylibre.com> Wed May 04 11:06:20 2022 +0200
committer: Neil Armstrong <narmstrong@baylibre.com> Wed May 04 11:06:22 2022 +0200
tree: ccd1a6123f2b38a260eccec773d59d64cc45cc3f
parent: 068a13d909ec08a12a5f74289b18142d27977044 [diff]
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d58923d..fa6800b 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -5371,7 +5371,6 @@
     *cur++ = MBEDTLS_BYTE_1( data_length );
     *cur++ = MBEDTLS_BYTE_0( data_length );
     memcpy( cur, data, data_length );
-    mbedtls_platform_zeroize( (void*) data, data_length );
     cur += data_length;
 
     status = psa_tls12_prf_set_key( prf, pms, cur - pms );
commit	b743d95051b2eaa522f0fe6c1d4cb5513b25277f	[log] [tgz]
author	Neil Armstrong <narmstrong@baylibre.com>	Wed May 04 11:06:20 2022 +0200
committer	Neil Armstrong <narmstrong@baylibre.com>	Wed May 04 11:06:22 2022 +0200
tree	ccd1a6123f2b38a260eccec773d59d64cc45cc3f
parent	068a13d909ec08a12a5f74289b18142d27977044 [diff]